Add latest changes from gitlab-org/gitlab@master

Gemfile

@@ -398,6 +398,12 @@ group :development do
   gem 'sprite-factory', '~> 1.7' # rubocop:todo Gemfile/MissingFeatureCategory
 
   gem 'listen', '~> 3.7' # rubocop:todo Gemfile/MissingFeatureCategory
+
+  gem 'ruby-lsp', "~> 0.12.3", feature_category: :tooling
+
+  gem 'ruby-lsp-rails', "~> 0.2.7", feature_category: :tooling
+
+  gem 'ruby-lsp-rspec', "~> 0.1.5", feature_category: :tooling
 end
 
 group :development, :test do

Gemfile.checksum

@@ -333,6 +333,7 @@
 {"name":"kramdown","version":"2.3.2","platform":"ruby","checksum":"cb4530c2e9d16481591df2c9336723683c354e5416a5dd3e447fa48215a6a71c"},
 {"name":"kramdown-parser-gfm","version":"1.1.0","platform":"ruby","checksum":"fb39745516427d2988543bf01fc4cf0ab1149476382393e0e9c48592f6581729"},
 {"name":"kubeclient","version":"4.11.0","platform":"ruby","checksum":"4985fcd749fb8c364a668a8350a49821647f03aa52d9ee6cbc582beb8e883fcc"},
+{"name":"language_server-protocol","version":"3.17.0.3","platform":"ruby","checksum":"3d5c58c02f44a20d972957a9febe386d7e7468ab3900ce6bd2b563dd910c6b3f"},
 {"name":"launchy","version":"2.5.0","platform":"ruby","checksum":"954243c4255920982ce682f89a42e76372dba94770bf09c23a523e204bdebef5"},
 {"name":"lefthook","version":"1.5.2","platform":"ruby","checksum":"37d78cbf39169c4cbd82bce2e83dc06851e408512fe5fee427b1bd53487e670a"},
 {"name":"letter_opener","version":"1.7.0","platform":"ruby","checksum":"095bc0d58e006e5b43ea7d219e64ecf2de8d1f7d9dafc432040a845cf59b4725"},
@@ -455,6 +456,7 @@
 {"name":"premailer","version":"1.16.0","platform":"ruby","checksum":"03e4402c448e6bae13fb5f6301a8bde4f3508e1bff90ae7c0972c7be94694786"},
 {"name":"premailer-rails","version":"1.10.3","platform":"ruby","checksum":"7cdcb97027866f7a81c490c6d15ada7f39666b5f6375f0821b7e97e0483b112f"},
 {"name":"prime","version":"0.1.2","platform":"ruby","checksum":"d4e956cadfaf04de036dc7dc74f95bf6a285a62cc509b28b7a66b245d19fe3a4"},
+{"name":"prism","version":"0.17.1","platform":"ruby","checksum":"e63f86df2c36aecd578431ee0c9d1f66cdef98a406f0a11e7da949514212cbcd"},
 {"name":"proc_to_ast","version":"0.1.0","platform":"ruby","checksum":"92a73fa66e2250a83f8589f818b0751bcf227c68f85916202df7af85082f8691"},
 {"name":"prometheus-client-mmap","version":"0.28.1","platform":"aarch64-linux","checksum":"b190045625ee8f8b3ef90e583ef7fadeac745810c8a243f1ed5e9b47c18146f0"},
 {"name":"prometheus-client-mmap","version":"0.28.1","platform":"arm64-darwin","checksum":"9e7022848493b882d1de9f42d7784f9821e83b2c3b4b2dc9a12c2c8269209a6e"},
@@ -554,6 +556,9 @@
 {"name":"rubocop-rails","version":"2.20.2","platform":"ruby","checksum":"d20cbd613900fa22bcf85a7fba78ab68b21fc4f90b1e73c97284d40674332417"},
 {"name":"rubocop-rspec","version":"2.22.0","platform":"ruby","checksum":"2d7493222c81c78ad304ddd81aaf64b3543bcfac6d3d8706c220331921753a03"},
 {"name":"ruby-fogbugz","version":"0.3.0","platform":"ruby","checksum":"5e04cde474648f498a71cf1e1a7ab42c66b953862fbe224f793ec0a7a1d5f657"},
+{"name":"ruby-lsp","version":"0.12.3","platform":"ruby","checksum":"e49d82cdcb20c16f3b78556e3107af813f785c05d2d02658f810d03852db4567"},
+{"name":"ruby-lsp-rails","version":"0.2.7","platform":"ruby","checksum":"722c4613d212aa136733b36674e5773e2352de9b3c1a05cafec86dc589a47811"},
+{"name":"ruby-lsp-rspec","version":"0.1.5","platform":"ruby","checksum":"d26dcfcc0ad3e9690f22354a8b1c12e0eb5cc03949c7afa846af805f4fc842e5"},
 {"name":"ruby-magic","version":"0.6.0","platform":"ruby","checksum":"7b2138877b7d23aff812c95564eba6473b74b815ef85beb0eb792e729a2b6101"},
 {"name":"ruby-openai","version":"3.7.0","platform":"ruby","checksum":"fb735d4c055e282ade264cab9864944c05a8a10e0cddd45a0551e8a9851b1850"},
 {"name":"ruby-progressbar","version":"1.11.0","platform":"ruby","checksum":"cc127db3866dc414ffccbf92928a241e585b3aa2b758a5563e74a6ee0f57d50a"},
@@ -600,6 +605,7 @@
 {"name":"snaky_hash","version":"2.0.0","platform":"ruby","checksum":"fe8b2e39e8ff69320f7812af73ea06401579e29ff1734a7009567391600687de"},
 {"name":"snowplow-tracker","version":"0.8.0","platform":"ruby","checksum":"7ba6f4f1443a829845fd28e63eda72d9d3d247f485310ddcccaebbc52b734a38"},
 {"name":"solargraph","version":"0.47.2","platform":"ruby","checksum":"87ca4b799b9155c2c31c15954c483e952fdacd800f52d6709b901dd447bcac6a"},
+{"name":"sorbet-runtime","version":"0.5.11120","platform":"ruby","checksum":"73112246db6c28ac93befb7335dfbf1ec96e583ee8724f2c1c177dc027586bd2"},
 {"name":"sorted_set","version":"1.0.3","platform":"java","checksum":"996283f2e5c6e838825bcdcee31d6306515ae5f24bcb0ee4ce09dfff32919b8c"},
 {"name":"sorted_set","version":"1.0.3","platform":"ruby","checksum":"4f2b8bee6e8c59cbd296228c0f1f81679357177a8b6859dcc2a99e86cce6372f"},
 {"name":"spamcheck","version":"1.3.0","platform":"ruby","checksum":"a46082752257838d8484c844736e309ec499f85dcc51283a5f973b33f1c994f5"},

Gemfile.lock

@@ -960,6 +960,7 @@ GEM
       jsonpath (~> 1.0)
       recursive-open-struct (~> 1.1, >= 1.1.1)
       rest-client (~> 2.0)
+    language_server-protocol (3.17.0.3)
     launchy (2.5.0)
       addressable (~> 2.7)
     lefthook (1.5.2)
@@ -1227,6 +1228,7 @@ GEM
     prime (0.1.2)
       forwardable
       singleton
+    prism (0.17.1)
     proc_to_ast (0.1.0)
       coderay
       parser
@@ -1439,6 +1441,16 @@ GEM
     ruby-fogbugz (0.3.0)
       crack (~> 0.4)
       multipart-post (~> 2.0)
+    ruby-lsp (0.12.3)
+      language_server-protocol (~> 3.17.0)
+      prism (>= 0.17.1, < 0.18)
+      sorbet-runtime (>= 0.5.5685)
+    ruby-lsp-rails (0.2.7)
+      rails (>= 6.0)
+      ruby-lsp (>= 0.12.0, < 0.13.0)
+      sorbet-runtime (>= 0.5.9897)
+    ruby-lsp-rspec (0.1.5)
+      ruby-lsp (~> 0.12.0)
     ruby-magic (0.6.0)
       mini_portile2 (~> 2.8)
     ruby-openai (3.7.0)
@@ -1545,6 +1557,7 @@ GEM
       thor (~> 1.0)
       tilt (~> 2.0)
       yard (~> 0.9, >= 0.9.24)
+    sorbet-runtime (0.5.11120)
     sorted_set (1.0.3)
       rbtree
       set (~> 1.0)
@@ -2000,6 +2013,9 @@ DEPENDENCIES
   rspec_profiling (~> 0.0.6)
   rubocop
   ruby-fogbugz (~> 0.3.0)
+  ruby-lsp (~> 0.12.3)
+  ruby-lsp-rails (~> 0.2.7)
+  ruby-lsp-rspec (~> 0.1.5)
   ruby-magic (~> 0.6)
   ruby-openai (~> 3.7)
   ruby-progressbar (~> 1.10)

config/feature_flags/development/global_dependency_scanning_on_advisory_ingestion.yml

@@ -0,0 +1,8 @@
+---
+name: global_dependency_scanning_on_advisory_ingestion
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/135581
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/427424
+milestone: '16.6'
+type: development
+group: group::composition analysis
+default_enabled: false

config/sidekiq_queues.yml

@@ -509,6 +509,8 @@
   - 1
 - - package_metadata_advisory_scan
   - 1
+- - package_metadata_global_advisory_scan
+  - 1
 - - package_repositories
   - 1
 - - packages_composer_cache_update

doc/user/application_security/sast/troubleshooting.md

@@ -56,14 +56,14 @@ For information on this, see the [general Application Security troubleshooting s
 
 For information on this, see the [GitLab Secure troubleshooting section](../index.md#error-job-is-used-for-configuration-only-and-its-script-should-not-be-executed).
 
-## Limitation when using rules:exists
+## SAST jobs are running unexpectedly
 
 The [SAST CI template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml)
-uses the `rules:exists` parameter. For performance reasons, a maximum number of matches are made
-against the given glob pattern. If the number of matches exceeds the maximum, the `rules:exists`
+uses the `rules:exists` parameter. For performance reasons, a maximum number of 10000 matches are
+made against the given glob pattern. If the number of matches exceeds the maximum, the `rules:exists`
 parameter returns `true`. Depending on the number of files in your repository, a SAST job might be
-triggered even if the scanner doesn't support your project. For more details about this issue, see
-the [`rules:exists` documentation](../../../ci/yaml/index.md#rulesexists).
+triggered even if the scanner doesn't support your project. For more details about this limitation,
+see the [`rules:exists` documentation](../../../ci/yaml/index.md#rulesexists).
 
 ## SpotBugs UTF-8 unmappable character errors
 

doc/user/packages/package_registry/supported_functionality.md

@@ -160,9 +160,9 @@ The following authentication protocols are supported:
 
 | Package type                                          | Supported auth protocols                                    |
 |-------------------------------------------------------|-------------------------------------------------------------|
-| [Maven (with `mvn`)](../maven_repository/index.md)    | Headers, Basic auth ([pulling](#pulling-packages) only) (1) |
-| [Maven (with `gradle`)](../maven_repository/index.md) | Headers, Basic auth ([pulling](#pulling-packages) only) (1) |
-| [Maven (with `sbt`)](../maven_repository/index.md)    | Basic auth (1)                                              |
+| [Maven (with `mvn`)](../maven_repository/index.md)    | Headers, Basic auth                                         |
+| [Maven (with `gradle`)](../maven_repository/index.md) | Headers, Basic auth                                         |
+| [Maven (with `sbt`)](../maven_repository/index.md)    | Basic auth ([pulling](#pulling-packages) only) (1)          |
 | [npm](../npm_registry/index.md)                       | OAuth                                                       |
 | [NuGet](../nuget_repository/index.md)                 | Basic auth                                                  |
 | [PyPI](../pypi_repository/index.md)                   | Basic auth                                                  |

doc/user/project/system_notes.md

@@ -23,12 +23,14 @@ in system notes. System notes use the format `<Author> <action> <time ago>`.
 
 By default, system notes do not display. When displayed, they are shown oldest first.
 If you change the filter or sort options, your selection is remembered across sections.
-The filtering options are:
+For all item types except merge requests, the filtering options are:
 
 - **Show all activity** displays both comments and history.
 - **Show comments only** hides system notes.
 - **Show history only** hides user comments.
 
+Merge requests provide more granular filtering options.
+
 ### On an epic
 
 1. On the left sidebar, select **Search or go to** and find your project.
@@ -49,7 +51,19 @@ The filtering options are:
 1. On the left sidebar, select **Search or go to** and find your project.
 1. Select **Code > Merge requests** and find your merge request.
 1. Go to **Activity**.
-1. For **Sort or filter**, select **Show all activity**.
+1. For **Sort or filter**, select **Show all activity** to see all system notes.
+   To narrow the types of system notes returned, select one or more of:
+
+   - **Approvals**
+   - **Assignees &amp; Reviewers**
+   - **Comments**
+   - **Commits &amp; branches**
+   - **Edits**
+   - **Labels**
+   - **Lock status**
+   - **Mentions**
+   - **Merge request status**
+   - **Tracking**
 
 ## Privacy considerations
 

doc/user/search/index.md

@@ -103,24 +103,13 @@ For example:
 
 ## Include archived projects in search results
 
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121981) in GitLab 16.1 [with a flag](../../administration/feature_flags.md) named `search_projects_hide_archived`. Disabled by default.
-> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/413821) in GitLab 16.3. Feature flag `search_projects_hide_archived` removed.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121981) in GitLab 16.1 [with a flag](../../administration/feature_flags.md) named `search_projects_hide_archived` for the project scope. Disabled by default.
+> - [Generally available](https://gitlab.com/groups/gitlab-org/-/epics/10957) in GitLab 16.6 for all scopes.
 
 By default, archived projects are excluded from search results.
-To include archived projects:
+To include the search result from archived projects:
 
-1. On the project search page, on the left sidebar, select the **Include archived** checkbox.
-1. On the left sidebar, select **Apply**.
-
-### Include issues in archived projects
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124846) in GitLab 16.2 [with a flag](../../administration/feature_flags.md) named `search_issues_hide_archived_projects`. Disabled by default.
-> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/416483) in GitLab 16.6. Feature flag `search_issues_hide_archived_projects` removed.
-
-By default, issues in archived projects are excluded from search results.
-To include issues in archived projects:
-
-1. On the project search page, on the left sidebar, select the **Include archived** checkbox.
+1. On the search result page, on the left sidebar, select the **Include archived** checkbox.
 1. On the left sidebar, select **Apply**.
 
 ## Search for code

scripts/duo_chat/reporter.rb

@@ -155,6 +155,8 @@ class Reporter
 
         #### LLM Evaluation
 
+        Tools used: #{data['tools_used']}
+
         #{evalutions(data)}